├── .gitignore ├── README.md ├── pom.xml ├── pop_db.sql └── src └── main ├── resources └── log4j.properties └── webapp ├── WEB-INF ├── .gitignore ├── jetty-env.xml ├── shiro.ini └── web.xml ├── account └── index.jsp ├── home.jsp ├── include.jsp ├── index.jsp ├── login.jsp └── style.css /.gitignore: -------------------------------------------------------------------------------- 1 | *.class 2 | 3 | # Package Files # 4 | *.jar 5 | *.war 6 | *.ear 7 | 8 | # Temporary Folders # 9 | gen 10 | target 11 | 12 | # Eclipse stuff # 13 | .settings 14 | .project 15 | .classpath 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | simple-shiro-web-app 2 | ==================== 3 | 4 | A simple proof-of-concept of Shiro authentication with Jetty and JDBC (MySQL) Realm. 5 | 6 | ## Prerequisites ## 7 | - JDK 6 8 | - Maven 3.0.3 or newer 9 | 10 | ## Configure MySQL database ## 11 | 12 | Run the following commands. The `root` account and the password `123qwe` are demo values that are also hard-coded in `jetty-env.xml`; outside a local test, use a dedicated database user with a strong password and only the privileges the application needs: 13 | ``` 14 | mysql -u root -p 15 | create database simple_shiro_web_app; 16 | grant all privileges on simple_shiro_web_app.* to 'root'@'localhost' identified by '123qwe'; 17 | flush privileges; 18 | ``` 19 | 20 | Now, populate the database with the script provided (`-p123qwe` puts the password in the shell history and the process list; plain `-p` prompts for it instead): 21 | ``` 22 | mysql -u root -p123qwe simple_shiro_web_app < pop_db.sql 23 | ``` 24 | 25 | ## Test ## 26 | To build the application and start it in Jetty, run the following command: 27 | ``` 28 | mvn clean jetty:run 29 | ``` 30 | Point your browser to _http://localhost:9090_ -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | com.github.pires.example 8 | simple-shiro-web-app 9 | 1.0 10 | war 11 | Simple Shiro Web App 12 | 13 | 14 | ${project.build.directory}/endorsed 15 | UTF-8 16 | 1.6 17 | 1.2.1 18 | 1.7.5 19 | 20 | 21 | 22 | 23 | 24 | org.apache.shiro 25
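| shiro-core 26 | ${shiro.version} 27 | 28 | 29 | org.apache.shiro 30 | shiro-web 31 | ${shiro.version} 32 | 33 | 34 | org.apache.shiro 35 | shiro-ehcache 36 | ${shiro.version} 37 | 38 | 39 | log4j 40 | log4j 41 | 1.2.17 42 | 43 | 44 | org.slf4j 45 | slf4j-log4j12 46 | ${slf4j.version} 47 | 48 | 49 | 51 | org.slf4j 52 | jcl-over-slf4j 53 | ${slf4j.version} 54 | 55 | 56 | mysql 57 | mysql-connector-java 58 | 5.1.24 59 | 60 | 61 | com.jolbox 62 | bonecp 63 | 0.7.1.RELEASE 64 | runtime 65 | 66 | 67 | 68 | 69 | 70 | 71 | org.apache.maven.plugins 72 | maven-compiler-plugin 73 | 3.1 74 | 75 | ${java.version} 76 | ${java.version} 77 | 78 | ${endorsed.dir} 79 | 80 | 81 | 82 | 83 | org.mortbay.jetty 84 | jetty-maven-plugin 85 | 8.1.10.v20130312 86 | 87 | / 88 | 89 | 91 | 9090 92 | 60000 93 | 94 | 95 | 96 | ./target/yyyy_mm_dd.request.log 97 | 90 98 | true 99 | false 100 | GMT 101 | 102 | 103 | 104 | 105 | 106 | 107 | -------------------------------------------------------------------------------- /pop_db.sql: --------------------------------------------------------------------------------
-- Schema and seed data for the demo: USERS, ROLES and PERMISSIONS plus the
-- USERS_ROLES and ROLES_PERMISSIONS link tables read by the JDBC realm in shiro.ini.
-- The script drops and recreates every table, so it can be run repeatedly.

-- Drop the link tables first. They own the foreign keys RP_1, RP_2, UR_1 and UR_2,
-- and with foreign key checks enabled MySQL refuses to drop a table that another
-- table still references. Dropping the parent tables first made every re-run fail
-- unless the constraints were removed by hand beforehand.
DROP TABLE IF EXISTS simple_shiro_web_app.ROLES_PERMISSIONS;
DROP TABLE IF EXISTS simple_shiro_web_app.USERS_ROLES;
DROP TABLE IF EXISTS simple_shiro_web_app.PERMISSIONS;
DROP TABLE IF EXISTS simple_shiro_web_app.ROLES;
DROP TABLE IF EXISTS simple_shiro_web_app.USERS;

CREATE TABLE simple_shiro_web_app.PERMISSIONS (
    name        VARCHAR(30) NOT NULL,
    description VARCHAR(255),
    PRIMARY KEY (name)
);

CREATE TABLE simple_shiro_web_app.ROLES (
    name        VARCHAR(20) NOT NULL,
    description VARCHAR(255),
    PRIMARY KEY (name)
);

-- NOTE(review): neither link table has a primary key or unique constraint, so the
-- same grant can be inserted more than once. A composite key would prevent that.
CREATE TABLE simple_shiro_web_app.ROLES_PERMISSIONS (
    role_name  VARCHAR(20) NOT NULL,
    permission VARCHAR(30) NOT NULL
);

-- password holds a Shiro-formatted hash string, never the plaintext.
CREATE TABLE simple_shiro_web_app.USERS (
    username VARCHAR(15)  NOT NULL,
    email    VARCHAR(100),
    name     VARCHAR(65),
    password VARCHAR(255) NOT NULL,
    PRIMARY KEY (username)
);

CREATE TABLE simple_shiro_web_app.USERS_ROLES (
    username  VARCHAR(15) NOT NULL,
    role_name VARCHAR(20) NOT NULL
);

ALTER TABLE simple_shiro_web_app.ROLES_PERMISSIONS
    ADD INDEX RP_1 (role_name),
    ADD CONSTRAINT RP_1 FOREIGN KEY (role_name) REFERENCES simple_shiro_web_app.ROLES (name);

ALTER TABLE simple_shiro_web_app.ROLES_PERMISSIONS
    ADD INDEX RP_2 (permission),
    ADD CONSTRAINT RP_2 FOREIGN KEY (permission) REFERENCES simple_shiro_web_app.PERMISSIONS (name);

ALTER TABLE simple_shiro_web_app.USERS_ROLES
    ADD INDEX UR_1 (username),
    ADD CONSTRAINT UR_1 FOREIGN KEY (username) REFERENCES simple_shiro_web_app.USERS (username);

ALTER TABLE simple_shiro_web_app.USERS_ROLES
    ADD INDEX UR_2 (role_name),
    ADD CONSTRAINT UR_2 FOREIGN KEY (role_name) REFERENCES simple_shiro_web_app.ROLES (name);

-- Seed users.
-- The password values are the output of Shiro's command line hasher:
--   java -jar shiro-tools-hasher-1.2.0-cli.jar -p
-- using a plaintext password of 123qwe.
-- Layout of the stored value: $shiro1$<algorithm>$<iterations>$<base64 salt>$<base64 digest>.
-- All three rows carry the same salt and digest because one hasher output was reused,
-- and the plaintext is published here and on the login page: these accounts are
-- demo-only. For real accounts, hash each password separately so every row has its own salt.
INSERT INTO simple_shiro_web_app.USERS (username, name, email, password)
VALUES
    ('admin', 'Administrator', 'admin@example.com', '$shiro1$SHA-256$500000$QmLtx8PaCMe72i+yVuqH+A==$P5ohK5uWi30u38ujuTnmmeUK2gPwqhxTnke2wd9fZXw='),
    ('u1', 'User P1', 'u1@example.com', '$shiro1$SHA-256$500000$QmLtx8PaCMe72i+yVuqH+A==$P5ohK5uWi30u38ujuTnmmeUK2gPwqhxTnke2wd9fZXw='),
    ('u2', 'User P2', 'u2@example.com', '$shiro1$SHA-256$500000$QmLtx8PaCMe72i+yVuqH+A==$P5ohK5uWi30u38ujuTnmmeUK2gPwqhxTnke2wd9fZXw=');

-- Seed roles.
INSERT INTO simple_shiro_web_app.ROLES (name, description)
VALUES
    ('ADMIN', 'Administrator role'),
    ('USER_P1', 'Perfil 1'),
    ('USER_P2', 'Perfil 2');

-- Seed the user-to-role assignments.
-- PERMISSIONS and ROLES_PERMISSIONS get no rows, so the demo accounts hold roles
-- but no permissions, even though shiro.ini turns permission lookup on.
INSERT INTO simple_shiro_web_app.USERS_ROLES (username, role_name)
VALUES
    ('admin', 'ADMIN'),
    ('u1', 'USER_P1'),
    ('u2', 'USER_P2');
-------------------------------------------------------------------------------- /src/main/resources/log4j.properties: -------------------------------------------------------------------------------- 1 | # This file is used to format all logging output 2 | log4j.rootLogger=TRACE, stdout 3 | 4 | log4j.appender.stdout=org.apache.log4j.ConsoleAppender 5 | log4j.appender.stdout.layout=org.apache.log4j.PatternLayout 6 | log4j.appender.stdout.layout.ConversionPattern=%d %-5p [%c]: %m%n 7 | 8 | #log4j.appender.file=org.apache.log4j.RollingFileAppender 9 | #log4j.appender.file.File=/home/glassfish/shiro.log 10 | #log4j.appender.R.MaxFileSize=2048KB 11 | #log4j.appender.R.MaxBackupIndex=2 12 | #log4j.appender.file.layout=org.apache.log4j.PatternLayout 13 | #log4j.appender.file.layout.ConversionPattern=%d %-5p [%c]: %m%n 14 | 15 | # ============================================================================= 16 | # 3rd Party Libraries 17 | # OFF, FATAL, ERROR, WARN, INFO, DEBUG, ALL 18 | # ============================================================================= 19 | # ehcache caching manager: 20 | log4j.logger.net.sf.ehcache=WARN 21 | 22 | # Most all Apache libs: 23 | log4j.logger.org.apache=WARN 24 | 25 | # Hibernate 26 | log4j.logger.org.hibernate=WARN 27 | 28 | # ============================================================================= 29 | # Apache Shiro 30 | #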
============================================================================= 31 | # Shiro security framework 32 | log4j.logger.org.apache.shiro=TRACE 33 | #log4j.logger.org.apache.shiro.realm.text.PropertiesRealm=INFO 34 | #log4j.logger.org.apache.shiro.cache.ehcache.EhCache=INFO 35 | #log4j.logger.org.apache.shiro.io=INFO 36 | #log4j.logger.org.apache.shiro.web.servlet=INFO 37 | log4j.logger.org.apache.shiro.util.ThreadContext=INFO -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pires/simple-shiro-web-app/a52a77069c076c3a73be63d9310c4bb35c5d7e20/src/main/webapp/WEB-INF/.gitignore -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/jetty-env.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | jdbc/myDS 6 | 7 | 8 | com.mysql.jdbc.Driver 9 | jdbc:mysql://localhost:3306/simple_shiro_web_app 10 | root 11 | 123qwe 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/shiro.ini: --------------------------------------------------------------------------------
# Shiro configuration for the demo: form login, a JDBC realm backed by a JNDI
# DataSource, and the URL filter chains.
[main]
# Unauthenticated requests that hit an 'authc' chain are sent to loginUrl;
# a successful login lands on successUrl.
authc.loginUrl = /login.jsp
authc.successUrl = /home.jsp

# Password matcher: the submitted password is checked against the stored
# $shiro1$ hash string from the USERS table (seeded by pop_db.sql).
passwordMatcher = org.apache.shiro.authc.credential.PasswordMatcher
passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
passwordMatcher.passwordService = $passwordService

# DataSource looked up through JNDI under jdbc/myDS, the name bound in jetty-env.xml.
# The database user and password are configured there in clear text, not here.
ds = org.apache.shiro.jndi.JndiObjectFactory
ds.resourceName = jdbc/myDS
ds.requiredType = javax.sql.DataSource

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
# NOTE(review): permission lookup is enabled, but no jdbcRealm.permissionsQuery is
# set, while the two queries that follow are overridden with upper-case table names.
# JdbcRealm's built-in permissions query is believed to name the table in lower case
# (roles_permissions); confirm it resolves against ROLES_PERMISSIONS on a MySQL
# server with case-sensitive table names. pop_db.sql seeds no permission rows.
jdbcRealm.permissionsLookupEnabled = true
# Both queries take the username through a '?' placeholder, so it is bound as a
# parameter rather than concatenated into the SQL text.
jdbcRealm.authenticationQuery = SELECT password FROM USERS WHERE username = ?
jdbcRealm.userRolesQuery = SELECT role_name FROM USERS_ROLES WHERE username = ?
jdbcRealm.credentialsMatcher = $passwordMatcher
jdbcRealm.dataSource=$ds
securityManager.realms = $jdbcRealm

# Optional Ehcache-backed cache manager, left disabled in this demo.
#cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
#securityManager.cacheManager = $cacheManager
#jdbcRealm.authenticationCachingEnabled = true

[urls]
# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
# the 'authc' filter must still be specified for it so it can process that url's
# login submissions. It is 'smart' enough to allow those requests through as specified by the
# authc.loginUrl above.
# NOTE(review): no chain uses Shiro's 'ssl' filter and the pom runs Jetty on plain
# port 9090, so the login form posts credentials unencrypted. Fine on localhost only.
/login.jsp = authc
# NOTE(review): filters in a chain run in order, so 'authc' after 'anon' still demands
# a login here. home.jsp has guest-only content that would then never be shown via
# this URL. Confirm whether 'anon' alone was intended.
/home.jsp = anon, authc
/logout = logout
# Any authenticated user may open /account/**; no role or permission is required.
/account/** = authc
-------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | org.apache.shiro.web.env.EnvironmentLoaderListener 8 | 9 | 10 | 11 | ShiroFilter 12 | org.apache.shiro.web.servlet.ShiroFilter 13 | 14 | 15 | 16 | ShiroFilter 17 | /* 18 | REQUEST 19 | FORWARD 20 | INCLUDE 21 | ERROR 22 | 23 | 24 | -------------------------------------------------------------------------------- /src/main/webapp/account/index.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="../include.jsp" %> 2 | 3 | 4 | 5 | "/> 6 | 7 | 8 | 9 |

Users only

10 | 11 |

Hello, .

12 | 13 |

">Return to the home page.

14 | 15 |

">Log out.

16 | 17 | 18 | -------------------------------------------------------------------------------- /src/main/webapp/home.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="include.jsp"%> 2 | 3 | 4 | 5 | " /> 7 | Auth 8 | 9 | 10 | 11 |

Simple Shiro Web App

12 | 13 |

14 | Hi 15 | Guest 16 | 17 | 18 | 19 | ! ( 20 | 21 | ">Log out 22 | 23 | 24 | ">Log in 25 | ) 26 |

27 | 28 | 29 |

30 | Visit your ">account page. 31 |

32 |
33 | 34 |

35 | If you want to access the user-only ">account page, you will need to 37 | log-in first. 38 |

39 |
40 | 41 |

Roles

42 | 43 |

To show some taglibs, here are the roles you have and don't 44 | have. Log out and log back in under different user accounts to see 45 | different roles.

46 | 47 |

Roles you have

48 | 49 |

50 | Administrator
51 |
52 | Perfil 1
53 |
54 | Perfil 2
55 |
56 |

57 | 58 |

Roles you DON'T have

59 | 60 |

61 | Administrator
62 |
63 | Perfil 1
64 |
65 | Perfil 2
66 |
67 |

68 | 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /src/main/webapp/include.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Licensed to the Apache Software Foundation (ASF) under one 3 | ~ or more contributor license agreements. See the NOTICE file 4 | ~ distributed with this work for additional information 5 | ~ regarding copyright ownership. The ASF licenses this file 6 | ~ to you under the Apache License, Version 2.0 (the 7 | ~ "License"); you may not use this file except in compliance 8 | ~ with the License. You may obtain a copy of the License at 9 | ~ 10 | ~ http://www.apache.org/licenses/LICENSE-2.0 11 | ~ 12 | ~ Unless required by applicable law or agreed to in writing, 13 | ~ software distributed under the License is distributed on an 14 | ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | ~ KIND, either express or implied. See the License for the 16 | ~ specific language governing permissions and limitations 17 | ~ under the License. 18 | --%> 19 | <%@ page import="org.apache.shiro.SecurityUtils" %> 20 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 21 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> 22 | <%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %> -------------------------------------------------------------------------------- /src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | ~ Licensed to the Apache Software Foundation (ASF) under one 3 | ~ or more contributor license agreements. See the NOTICE file 4 | ~ distributed with this work for additional information 5 | ~ regarding copyright ownership. The ASF licenses this file 6 | ~ to you under the Apache License, Version 2.0 (the 7 | ~ "License"); you may not use this file except in compliance 8 | ~ with the License. 
You may obtain a copy of the License at 9 | ~ 10 | ~ http://www.apache.org/licenses/LICENSE-2.0 11 | ~ 12 | ~ Unless required by applicable law or agreed to in writing, 13 | ~ software distributed under the License is distributed on an 14 | ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | ~ KIND, either express or implied. See the License for the 16 | ~ specific language governing permissions and limitations 17 | ~ under the License. 18 | --%> 19 | 20 | <%-- Forward the user to the home page --%> 21 | -------------------------------------------------------------------------------- /src/main/webapp/login.jsp: -------------------------------------------------------------------------------- 1 | <%@ include file="include.jsp"%> 2 | 3 | 4 | 5 | " /> 7 | 8 | 9 | 10 |

Please Log in

11 | 12 | 13 |

Here are a few sample accounts to play with in the default 14 | text-based Realm (used for this demo and test installs only). Do you 15 | remember the movie these names came from? ;)

16 | 17 | 18 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |
UsernamePassword
admin123qwe
u1123qwe
u2123qwe
67 |
68 |
69 |
70 | 71 |
72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 84 | 85 | 86 | 88 | 89 |
Username:
Password:
Remember Me
90 |
91 | 92 | 93 | 94 | -------------------------------------------------------------------------------- /src/main/webapp/style.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | body { 20 | margin: 15px 0 0 15px; 21 | padding: 1px; /*background: #2370cf;*/ 22 | font: 12px 'Lucida Grande', Geneva, Verdana, Arial, sans-serif; 23 | color: #000; 24 | } 25 | 26 | table, td { 27 | font: 12px 'Lucida Grande', Geneva, Verdana, Arial, sans-serif; 28 | color: #000; 29 | } 30 | 31 | h1 { 32 | font: 24px; 33 | } 34 | 35 | img { 36 | border: thin black solid; 37 | } 38 | 39 | #contentBox { 40 | text-align: center; 41 | width: 50%; 42 | margin: auto; 43 | margin-top: 50px; 44 | color: black; 45 | background: #eee; 46 | border: thick black solid; 47 | } --------------------------------------------------------------------------------